Thus spake coderman (coderman@gmail.com):
The brief summary is that it will be submitting rare TLS certificates through Tor to EFF for analysis and storage. We will also leverage the database of certificates to provide notification in the event of targeted MITM attacks**.
I am trying to decide if this is a bad thing to enable by default for users.
if EFF was presented with a national security letter or other legal demand under seal demanding the existence of a given certificate not be exposed, would they be bound to not present a MITM alert for that cert?
Leaving this for pde and/or Seth.
(said another way, could this potentially be a false sense of security, if all trust for anomaly notification was placed in the EFF alone?)
The reality is we won't have the Firefox APIs to actually prevent content load after certificate inspection any time soon, so it's not feasible to trust this as your only security measure. Monsterous hacks might make this possible sooner, though... On a timescale where we can provide real security rather than just analysis and post-pwnage notification, we can build multiple databases to submit to/query, just like Perspectives. There's also no real reason why you can't use both Perspectives and HTTPS-Everywhere. Then you can get both of our half-assed after-the-fact notifications that you were owned :) -- Mike Perry Mad Computer Scientist fscked.org evil labs _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE